Here is the log from step 2:
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "D:\Dokumente und Einstellungen\Karim\Anwendungsdaten\getrighttogo"
Successfully deleted: [Folder] "D:\Dokumente und Einstellungen\Karim\appdata\locallow\datamngr"
Successfully deleted: [Folder] "D:\Programme\free video converter"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.01.2014 at 10:19:46,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi,
I no longer have the log files from 25.1.14!
Here is the step 3 log file:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014
Ran by Karim (administrator) on KARIMCOMP1 on 27-01-2014 10:30:35
Running from D:\Dokumente und Einstellungen\Karim\Desktop\VirProg\VirProg270114
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums
==================== Processes (Whitelisted) ===================
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) D:\Programme\SUPERAntiSpyware010612\SASCORE.EXE
(AccSys GmbH) D:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Programme\Bonjour\mDNSResponder.exe
(HP) D:\WINDOWS\system32\HPZipm12.exe
(Microsoft Corporation) D:\Programme\Zune\ZuneBusEnum.exe
(Microsoft Corporation) D:\WINDOWS\system32\wuauclt.exe
(Brother Industries, Ltd.) D:\WINDOWS\system32\BrmfRsmg.exe
(AccSys GmbH) D:\Programme\WLAN Monitor\WLConfig.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(SUPERAntiSpyware) D:\Programme\SUPERAntiSpyware010612\SUPERANTISPYWARE.EXE
(Hama GmbH & Co KG) D:\Programme\Hama\Common\RaUI.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) D:\Programme\iPod\bin\iPodService.exe
(AccSys GmbH) D:\Programme\WLAN Monitor\accwpac.exe
(Microsoft Corporation) D:\Programme\Internet Explorer\iexplore.exe
(Microsoft Corporation) D:\Programme\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [wlconfig] - D:\Programme\WLAN Monitor\wlconfig.exe [1347584 2006-03-06] (AccSys GmbH)
HKLM\...\Run: [QuickTime Task] - D:\Programme\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [421160 2010-11-11] (Apple Inc.)
HKLM\...\Run: [UserFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [avgnt] - D:\Programme\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] - D:\Programme\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - D:\Programme\SUPERAntiSpyware010612\SUPERAntiSpyware.exe [5703920 2013-08-15] (SUPERAntiSpyware)
Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> D:\Programme\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280585476937
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - D:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Programme\SUPERAntiSpyware010612\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 04 D:\Programme\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: D:\Dokumente und Einstellungen\Karim\Anwendungsdaten\Mozilla\Firefox\Profiles\cda7gp9p.default
FF Plugin: @adobe.com/FlashPlayer - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - D:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - D:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - D:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: D:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: D:\Programme\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: D:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: D:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - D:\Dokumente und Einstellungen\Karim\Anwendungsdaten\Mozilla\Firefox\Profiles\cda7gp9p.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
========================== Services (Whitelisted) =================
R2 !SASCORE; D:\Programme\SUPERAntiSpyware010612\SASCORE.EXE [116608 2012-09-18] (SUPERAntiSpyware.com)
R2 accsvc; D:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe [147456 2006-01-11] (AccSys GmbH)
R2 AntiVirSchedulerService; D:\Programme\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008 2012-12-21] (Apple Inc.)
R2 Bonjour Service; D:\Programme\Bonjour\mDNSResponder.exe [345376 2010-10-07] (Apple Inc.)
S2 gupdate; D:\Programme\Google\Update\GoogleUpdate.exe [136176 2010-09-26] (Google Inc.)
S3 gupdatem; D:\Programme\Google\Update\GoogleUpdate.exe [136176 2010-09-26] (Google Inc.)
R3 iPod Service; D:\Programme\iPod\bin\iPodService.exe [820008 2010-11-11] (Apple Inc.)
S3 MozillaMaintenance; D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [115608 2013-04-10] (Mozilla Foundation)
S3 WMZuneComm; D:\Programme\Zune\WMZuneComm.exe [268512 2011-08-05] (Microsoft Corporation)
R2 ZuneBusEnum; D:\Programme\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)
S3 ZuneNetworkSvc; D:\Programme\Zune\ZuneNss.exe [6363872 2011-08-05] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; D:\Programme\Zune\ZuneWlanCfgSvc.exe [444640 2011-08-05] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R2 AegisP; D:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2010-07-31] (Meetinghouse Data Communications)
R1 AmdK8; D:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices)
R2 avgntflt; D:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; D:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; D:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-29] (Avira Operations GmbH & Co. KG)
R3 brfilt; D:\WINDOWS\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)
R3 BrUsbScn; D:\WINDOWS\System32\Drivers\BrUsbScn.sys [10368 2001-08-17] (Brother Industries Ltd.)
S3 camfilt2; D:\WINDOWS\System32\DRIVERS\camfilt2.sys [94720 2007-08-06] (Guillemot Corporation)
S3 CCDECODE; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; D:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-09-29] (HP)
S3 HPZipr12; D:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-09-29] (HP)
S3 HPZius12; D:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
R0 Lbd; D:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-07-12] (Lavasoft AB)
R3 mf; D:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-13] (Microsoft Corporation)
S3 NdisIP; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; D:\WINDOWS\System32\drivers\npf.sys [32512 2006-03-06] (CACE Technologies)
R0 nvata; D:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
R3 NVENETFD; D:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation)
R3 nvnetbus; D:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation)
R3 RT73; D:\WINDOWS\System32\DRIVERS\rt73.sys [451968 2007-10-01] (Ralink Technology, Corp.)
R1 SASDIFSV; D:\Programme\SUPERAntiSpyware010612\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Programme\SUPERAntiSpyware010612\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SNPSTD3; D:\WINDOWS\System32\DRIVERS\snpstd3.sys [10371072 2007-07-17] (Sonix Co. Ltd.)
R1 ssmdrv; D:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-04-10] (Avira GmbH)
R2 zumbus; D:\WINDOWS\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
S3 catchme; \??\D:\cofi\catchme.sys [x]
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [x]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
S3 Lavasoft Kernexplorer; \??\D:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys [x]
U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-27 10:19 - 2014-01-27 10:19 - 00000848 _____ D:\Dokumente und Einstellungen\Karim\Desktop\JRT.txt
2014-01-27 09:38 - 2014-01-27 09:38 - 00000000 ____D D:\FRST
2014-01-18 19:07 - 2014-01-18 19:07 - 00000000 ____D D:\Programme\Neuer Ordner (2)
2014-01-18 17:48 - 2014-01-18 17:48 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Lokale Einstellungen\Anwendungsdaten\4Videosoft Studio
2014-01-18 17:48 - 2014-01-18 17:48 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Eigene Dateien\4Videosoft Studio
2014-01-18 17:48 - 2014-01-18 17:48 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Anwendungsdaten\log
2014-01-18 17:48 - 2014-01-18 17:48 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Anwendungsdaten\libimobiledevice
2014-01-18 17:48 - 2014-01-18 17:48 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Anwendungsdaten\5502d96035c22d3426f32c64813b55d057fecd47
2014-01-18 17:42 - 2014-01-18 18:26 - 00000000 ____D D:\Programme\Trnasferprogramm iphone
2014-01-18 08:58 - 2014-01-18 08:58 - 00000000 ____H D:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2014-01-17 17:36 - 2014-01-17 17:36 - 00264616 _____ (Oracle Corporation) D:\WINDOWS\system32\javaws.exe
2014-01-17 17:36 - 2014-01-17 17:36 - 00175016 _____ (Oracle Corporation) D:\WINDOWS\system32\javaw.exe
2014-01-17 17:36 - 2014-01-17 17:36 - 00174504 _____ (Oracle Corporation) D:\WINDOWS\system32\java.exe
2014-01-17 17:36 - 2014-01-17 17:36 - 00145408 _____ (Oracle Corporation) D:\WINDOWS\system32\javacpl.cpl
2014-01-17 17:36 - 2014-01-17 17:36 - 00094632 _____ (Oracle Corporation) D:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-17 17:36 - 2014-01-17 17:36 - 00000000 ____D D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2014-01-17 17:34 - 2014-01-17 17:35 - 00000000 ____D D:\Programme\Java Update 170114
2014-01-15 20:44 - 2014-01-15 20:44 - 00005074 _____ D:\WINDOWS\KB2914368.log
2014-01-15 20:44 - 2014-01-15 20:44 - 00000000 __HDC D:\WINDOWS\$NtUninstallKB2914368$
==================== One Month Modified Files and Folders =======
2014-01-27 10:26 - 2010-08-11 21:13 - 00000000 ____D D:\Programme\WLAN Monitor
2014-01-27 10:26 - 2010-07-31 08:53 - 02058621 _____ D:\WINDOWS\WindowsUpdate.log
2014-01-27 10:25 - 2010-09-26 11:55 - 00001084 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-27 10:25 - 2010-08-01 12:19 - 00002651 _____ D:\WINDOWS\BRMFBIDI.INI
2014-01-27 10:25 - 2010-07-31 02:15 - 00000159 _____ D:\WINDOWS\wiadebug.log
2014-01-27 10:25 - 2010-07-31 02:15 - 00000050 _____ D:\WINDOWS\wiaservc.log
2014-01-27 10:25 - 2010-07-31 01:33 - 00032322 _____ D:\WINDOWS\SchedLgU.Txt
2014-01-27 10:25 - 2010-07-31 01:33 - 00000300 ___SH D:\Dokumente und Einstellungen\Karim\ntuser.ini
2014-01-27 10:25 - 2010-07-31 01:28 - 00000006 ____H D:\WINDOWS\Tasks\SA.DAT
2014-01-27 10:19 - 2014-01-27 10:19 - 00000848 _____ D:\Dokumente und Einstellungen\Karim\Desktop\JRT.txt
2014-01-27 10:16 - 2010-07-31 02:09 - 00000000 ___RD D:\Programme
2014-01-27 10:09 - 2013-08-25 18:52 - 00000000 ____D D:\AdwCleaner
2014-01-27 10:09 - 2010-07-31 01:33 - 00000000 ____D D:\Dokumente und Einstellungen\Karim
2014-01-27 09:55 - 2013-04-10 20:54 - 00000884 _____ D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-27 09:44 - 2010-09-26 11:55 - 00001088 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 09:38 - 2014-01-27 09:38 - 00000000 ____D D:\FRST
2014-01-27 09:35 - 2013-08-25 18:48 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Desktop\VirProg
2014-01-26 22:03 - 2012-09-17 19:12 - 00000000 ____D D:\Programme\WLAN Quick-Starter
2014-01-26 20:53 - 2010-08-05 19:53 - 00000484 _____ D:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-01-26 09:01 - 2001-08-23 13:00 - 00002206 _____ D:\WINDOWS\system32\wpa.dbl
2014-01-18 19:07 - 2014-01-18 19:07 - 00000000 ____D D:\Programme\Neuer Ordner (2)
2014-01-18 18:58 - 2010-08-15 22:00 - 00056320 _____ D:\Dokumente und Einstellungen\Karim\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-18 18:47 - 2012-12-30 15:07 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Anwendungsdaten\WindSolutions
2014-01-18 18:41 - 2010-08-26 18:22 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Eigene Dateien\Bilder
2014-01-18 18:26 - 2014-01-18 17:42 - 00000000 ____D D:\Programme\Trnasferprogramm iphone
2014-01-18 17:51 - 2010-07-31 02:09 - 00000000 ___RD D:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-01-18 17:48 - 2014-01-18 17:48 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Lokale Einstellungen\Anwendungsdaten\4Videosoft Studio
2014-01-18 17:48 - 2014-01-18 17:48 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Eigene Dateien\4Videosoft Studio
2014-01-18 17:48 - 2014-01-18 17:48 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Anwendungsdaten\log
2014-01-18 17:48 - 2014-01-18 17:48 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Anwendungsdaten\libimobiledevice
2014-01-18 17:48 - 2014-01-18 17:48 - 00000000 ____D D:\Dokumente und Einstellungen\Karim\Anwendungsdaten\5502d96035c22d3426f32c64813b55d057fecd47
2014-01-18 15:08 - 2010-07-31 07:14 - 00002477 _____ D:\Dokumente und Einstellungen\Karim\Desktop\Word.lnk
2014-01-18 10:04 - 2010-07-31 07:26 - 00000776 _____ D:\WINDOWS\wincmd.ini
2014-01-18 08:58 - 2014-01-18 08:58 - 00000000 ____H D:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2014-01-18 08:58 - 2012-05-12 07:20 - 00012734 _____ D:\WINDOWS\setupact.log
2014-01-18 08:58 - 2012-05-09 22:12 - 00220672 _____ D:\WINDOWS\setupapi.log
2014-01-17 17:36 - 2014-01-17 17:36 - 00264616 _____ (Oracle Corporation) D:\WINDOWS\system32\javaws.exe
2014-01-17 17:36 - 2014-01-17 17:36 - 00175016 _____ (Oracle Corporation) D:\WINDOWS\system32\javaw.exe
2014-01-17 17:36 - 2014-01-17 17:36 - 00174504 _____ (Oracle Corporation) D:\WINDOWS\system32\java.exe
2014-01-17 17:36 - 2014-01-17 17:36 - 00145408 _____ (Oracle Corporation) D:\WINDOWS\system32\javacpl.cpl
2014-01-17 17:36 - 2014-01-17 17:36 - 00094632 _____ (Oracle Corporation) D:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-17 17:36 - 2014-01-17 17:36 - 00000000 ____D D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2014-01-17 17:35 - 2014-01-17 17:34 - 00000000 ____D D:\Programme\Java Update 170114
2014-01-15 20:48 - 2013-07-14 12:41 - 00000000 ____D D:\WINDOWS\system32\MRT
2014-01-15 20:45 - 2010-07-31 15:48 - 83425928 _____ (Microsoft Corporation) D:\WINDOWS\system32\MRT.exe
2014-01-15 20:44 - 2014-01-15 20:44 - 00005074 _____ D:\WINDOWS\KB2914368.log
2014-01-15 20:44 - 2014-01-15 20:44 - 00000000 __HDC D:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 20:44 - 2012-05-12 07:20 - 00614707 _____ D:\WINDOWS\iis6.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00568840 _____ D:\WINDOWS\FaxSetup.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00271952 _____ D:\WINDOWS\ocgen.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00259566 _____ D:\WINDOWS\tsoc.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00188787 _____ D:\WINDOWS\comsetup.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00173590 _____ D:\WINDOWS\msmqinst.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00114224 _____ D:\WINDOWS\ntdtcsetup.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00099636 _____ D:\WINDOWS\netfxocm.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00039100 _____ D:\WINDOWS\MedCtrOC.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00031464 _____ D:\WINDOWS\ocmsn.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00028612 _____ D:\WINDOWS\tabletoc.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00028428 _____ D:\WINDOWS\msgsocm.log
2014-01-15 20:44 - 2012-05-12 07:20 - 00001374 _____ D:\WINDOWS\imsins.log
2014-01-15 19:31 - 2013-04-10 20:47 - 00002347 _____ D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
2014-01-04 10:00 - 2010-08-01 19:45 - 00000000 ____D D:\WINDOWS\system32\NtmsData
2014-01-04 09:49 - 2010-07-31 01:26 - 00000000 ____D D:\WINDOWS\Registration
2014-01-02 18:18 - 2012-05-09 22:12 - 01042770 _____ D:\WINDOWS\setupapi.log.1.old
Some content of TEMP:
====================
D:\Dokumente und Einstellungen\Karim\Lokale Einstellungen\Temp\avgnt.exe
D:\Dokumente und Einstellungen\Karim\Lokale Einstellungen\Temp\jre-7u25-windows-i586-iftw.exe
D:\Dokumente und Einstellungen\Karim\Lokale Einstellungen\Temp\jre-7u51-windows-i586-iftw.exe
D:\Dokumente und Einstellungen\Karim\Lokale Einstellungen\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
D:\Windows\explorer.exe
[2001-08-23 13:00] - [2008-04-14 03:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
D:\Windows\System32\winlogon.exe
[2001-08-23 13:00] - [2008-04-14 03:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
D:\Windows\System32\svchost.exe
[2001-08-23 13:00] - [2008-04-14 03:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
D:\Windows\System32\services.exe
[2001-08-23 13:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
D:\Windows\System32\User32.dll
[2001-08-23 13:00] - [2008-04-14 03:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
D:\Windows\System32\userinit.exe
[2001-08-23 13:00] - [2013-04-10 19:54] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
D:\Windows\System32\rpcss.dll
[2001-08-23 13:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
D:\Windows\System32\Drivers\volsnap.sys
[2001-08-23 13:00] - [2008-04-14 02:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
Here is step 4:
Farbar Service Scanner Version: 08-01-2014
Ran by Karim (administrator) on 27-01-2014 at 10:55:49
Running from "D:\Dokumente und Einstellungen\Karim\Desktop\VirProg\VirProg270114"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
D:\WINDOWS\system32\dhcpcsvc.dll
[2001-08-23 13:00] - [2008-04-14 03:22] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360
D:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
D:\WINDOWS\system32\dnsrslvr.dll
[2001-08-23 13:00] - [2009-04-20 18:17] - 0045568 ____A (Microsoft Corporation) 407F3227AC618FD1CA54B335B083DE07
D:\WINDOWS\system32\ipnathlp.dll
[2001-08-23 13:00] - [2008-04-14 03:22] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF
D:\WINDOWS\system32\netman.dll
[2001-08-23 13:00] - [2008-04-14 03:22] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C
D:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-07-31 01:25] - [2008-04-14 03:22] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729
D:\WINDOWS\system32\srsvc.dll
[2010-07-31 01:27] - [2008-04-14 03:22] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182
D:\WINDOWS\system32\Drivers\sr.sys
[2010-07-31 01:27] - [2008-04-14 03:02] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F
D:\WINDOWS\system32\wscsvc.dll
[2010-07-31 08:37] - [2008-04-14 03:22] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D
D:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-07-31 01:25] - [2008-04-14 03:22] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729
D:\WINDOWS\system32\wuauserv.dll
[2010-07-31 01:25] - [2008-04-14 03:22] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085
D:\WINDOWS\system32\qmgr.dll
[2010-07-31 01:27] - [2008-04-14 03:22] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1
D:\WINDOWS\system32\es.dll
[2001-08-23 13:00] - [2008-07-07 21:26] - 0253952 ____A (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74
D:\WINDOWS\system32\cryptsvc.dll
[2001-08-23 13:00] - [2008-04-14 03:22] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D
D:\WINDOWS\system32\svchost.exe
[2001-08-23 13:00] - [2008-04-14 03:23] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366
D:\WINDOWS\system32\rpcss.dll
[2001-08-23 13:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B
D:\WINDOWS\system32\services.exe
[2001-08-23 13:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC
Extra List:
=======
AegisP(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.
**** End of log ****
What now? ;-)