Sperrbildschirm Bundespolizei - kein abgesicherter Modus möglich!

FUXS · 29.12.2013, 15:09

Hallo zusammen,

mein System Win7 64bit Home.

Kann leider die abzuarbeitende Liste nicht durchführen, da ich kein Zugriff auf meinen PC bekomme. Sofort nach dem Start kommt der Sperrbildschirm.

Diese Nachricht schreibe ich von meinem Netbook - dass hat leider kein CD-Laufwerk.
Ich habe aber noch eine OTL-PE Boot-CD rumliegen und habe diese gestartet und OTL Laufen lassen - vielleicht kann man damit ja was anfangen.

OTL logfile created on: 12/29/2013 2:16:53 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.97 Mb Total Space | 73.96 Mb Free Space | 73.25% Space Free | Partition Type: NTFS
Drive D: | 405.27 Gb Total Space | 282.51 Gb Free Space | 69.71% Space Free | Partition Type: NTFS
Drive I: | 148.95 Gb Total Space | 85.16 Gb Free Space | 57.18% Space Free | Partition Type: NTFS
Drive J: | 60.38 Gb Total Space | 21.05 Gb Free Space | 34.86% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/12/26 05:35:05 | 000,061,024 | ---- | M] (Microsoft Corporation) [Auto] -- I:\ProgramData\odbmqjwmqg.zvv -- (Winmgmt)
SRV - [2013/12/20 14:29:08 | 000,166,352 | ---- | M] (APN LLC.) [Auto] -- I:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/12/17 09:09:09 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/17 09:08:22 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/11/25 12:58:31 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/11 15:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/23 02:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- I:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- I:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- I:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/08 17:13:18 | 050,921,648 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/10/10 15:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 07:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/21 08:55:00 | 000,577,536 | ---- | M] (Hauppauge Computer Works) [Auto] -- I:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 20:21:52 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto] -- I:\Windows\SysWOW64\ACFXAU64.dll -- (AcfXAudioService)
SRV - [2008/10/24 09:35:44 | 000,128,296 | ---- | M] () [Auto] -- I:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/17 09:09:20 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- I:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/12/17 09:09:20 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- I:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/11/25 13:00:25 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- I:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/08/28 20:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/04/04 08:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- I:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/09 10:38:52 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System] -- I:\Windows\System32\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2012/06/09 10:38:50 | 000,633,296 | ---- | M] (Paragon) [Kernel | System] -- I:\Windows\System32\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2012/06/09 10:38:50 | 000,389,968 | ---- | M] (Paragon) [Kernel | System] -- I:\Windows\System32\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011/05/25 02:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/01/26 15:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/30 04:09:50 | 000,653,312 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2010/03/25 10:52:26 | 000,154,880 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009/09/01 22:26:18 | 000,123,008 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ACFVA64.sys -- (acfva)
DRV:64bit: - [2009/07/13 19:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:36:03 | 000,899,328 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- I:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/28 20:21:44 | 000,034,944 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ACFDCP64.sys -- (dgcfltr)
DRV:64bit: - [2009/04/28 20:21:36 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- I:\Windows\System32\drivers\ACFXAU64.sys -- (XAudio)
DRV:64bit: - [2007/05/06 20:00:00 | 000,081,920 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- I:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2007/03/15 01:08:46 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto] -- I:\Windows\System32\drivers\ACFSDK64.sys -- (mdmxsdk)
DRV - [2011/09/08 10:50:50 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot] -- I:\Windows\SysWOW64\drivers\PzWDM.sys -- (PzWDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.comhxxp://www.tecstore.net [binary data]
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.de/
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 0B B6 DB F7 6B CC 01 [binary data]
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\*****_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:1.9a9pre

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: I:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: I:\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: I:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: I:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: I:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: I:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: I:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: I:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

[2012/11/04 05:41:38 | 000,000,000 | ---D | M] (No name found) -- I:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2012/11/04 05:41:38 | 000,000,000 | ---D | M] (No name found) -- I:\Users\*****\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2013/10/31 12:09:09 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- I:\PROGRAM FILES (X86)\XXXL_KUECHENPLANER\PRISM\EXTENSIONS\INSPECTOR@MOZILLA.ORG

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - I:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BCSSync] I:\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] I:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnTBMon] I:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] I:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] I:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MBBalloon] I:\Program Files (x86)\HOTALBUMMyBOX\MBBalloon.exe (PLANNING Co., Ltd.)
O4 - HKU\*****_ON_I..\Run: [AmazonMP3DownloaderHelper] I:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKU\*****_ON_I..\Run: [NetworkIndicator] I:\Program Files (x86)\network-activity-indicator1.5\NetworkIndicator.exe (ITSamples.com)
O4 - HKU\LocalService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_I..\RunOnce: [mctadmin] File not found
O4 - Startup: I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ()
O4 - Startup: I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk ()
O4 - Startup: I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - I:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - I:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\Program Files (x86)\Frontpage2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - *****_ON_I\..Trusted Domains: bnhof.de ([www] https in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.13.2)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/10 12:49:36 | 000,000,000 | ---D | M] - D:\Auto privat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{011a46d3-d7d5-11e0-8fa1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{011a46d3-d7d5-11e0-8fa1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/12/26 11:04:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- I:\Windows\System32\drivers\mbam.sys
[2013/12/26 11:04:41 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/26 05:35:05 | 000,061,024 | ---- | C] (Microsoft Corporation) -- I:\ProgramData\odbmqjwmqg.zvv
[2013/12/26 05:34:58 | 000,227,840 | ---- | C] (hxxp://tortoisesvn.net) -- I:\ProgramData\gqmwjqmbdo.jss
[2013/12/20 16:45:08 | 000,000,000 | -HSD | C] -- I:\Config.Msi
[2013/12/16 10:39:20 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/12 12:02:35 | 012,625,920 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wmploc.DLL
[2013/12/12 12:02:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wmploc.DLL
[2013/12/12 12:02:35 | 011,410,432 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wmp.dll
[2013/12/12 12:02:34 | 014,631,424 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wmp.dll
[2013/12/12 12:01:03 | 000,574,976 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2013/12/12 12:01:03 | 000,440,832 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll
[2013/12/12 12:01:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieetwcollectorres.dll
[2013/12/12 12:01:02 | 000,708,608 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9diag.dll
[2013/12/12 12:01:02 | 000,553,472 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 12:01:02 | 000,218,624 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ie4uinit.exe
[2013/12/12 12:01:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieUnatt.exe
[2013/12/12 12:01:02 | 000,111,616 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieetwcollector.exe
[2013/12/12 12:01:02 | 000,066,048 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iesetup.dll
[2013/12/12 12:01:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieetwproxystub.dll
[2013/12/12 12:01:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iernonce.dll
[2013/12/12 12:01:01 | 000,817,664 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieapfltr.dll
[2013/12/12 12:01:01 | 000,703,488 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 12:01:00 | 001,995,264 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\inetcpl.cpl
[2013/12/12 12:01:00 | 001,928,192 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 12:00:58 | 005,769,216 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll
[2013/12/12 12:00:58 | 004,243,968 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript9.dll
[2013/12/12 11:51:58 | 000,465,920 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WMPhoto.dll
[2013/12/12 11:51:58 | 000,417,792 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\WMPhoto.dll
[2013/12/12 11:51:38 | 000,335,360 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msieftp.dll
[2013/12/12 11:51:38 | 000,301,568 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msieftp.dll
[2013/12/12 11:51:37 | 000,202,752 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\scrrun.dll
[2013/12/12 11:51:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\scrrun.dll
[2013/12/12 11:51:37 | 000,156,160 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\cscript.exe
[2013/12/12 11:51:37 | 000,150,016 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wshom.ocx
[2013/12/12 11:51:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\cscript.exe
[2013/12/12 11:51:37 | 000,121,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wshom.ocx
[2013/12/12 11:51:36 | 000,230,400 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\portcls.sys
[2013/12/12 11:51:36 | 000,159,232 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\imagehlp.dll
[2013/12/12 11:51:36 | 000,116,736 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\drmk.sys
[2013/12/12 11:51:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\imagehlp.dll
[2013/12/08 03:50:17 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\Adobe
[2007/08/13 10:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- I:\Users\*****\AppData\Local\CDRip.dll
[2007/01/18 14:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- I:\Users\*****\AppData\Local\No23 Recorder.exe
[2006/12/11 12:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- I:\Users\*****\AppData\Local\basscd.dll
[2006/12/11 12:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- I:\Users\*****\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2013/12/29 03:36:21 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2013/12/29 03:35:05 | 3213,467,648 | -HS- | M] () -- I:\hiberfil.sys
[2013/12/29 02:33:37 | 095,025,368 | ---- | M] () -- I:\ProgramData\odbmqjwmqg.fee
[2013/12/29 02:33:31 | 000,000,000 | ---- | M] () -- I:\ProgramData\odbmqjwmqg.odd
[2013/12/29 02:32:59 | 000,001,116 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/27 07:40:48 | 000,021,184 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/27 07:40:48 | 000,021,184 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/27 07:36:00 | 000,001,120 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 12:39:47 | 000,000,297 | ---- | M] () -- I:\ProgramData\odbmqjwmqg.reg
[2013/12/26 12:32:45 | 000,702,980 | ---- | M] () -- I:\Windows\System32\perfh007.dat
[2013/12/26 12:32:45 | 000,657,212 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2013/12/26 12:32:45 | 000,150,620 | ---- | M] () -- I:\Windows\System32\perfc007.dat
[2013/12/26 12:32:45 | 000,123,024 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2013/12/26 10:54:56 | 001,928,716 | ---- | M] (Farbar) -- I:\Users\*****\Desktop\FRST64.exe
[2013/12/26 05:35:05 | 000,061,024 | ---- | M] (Microsoft Corporation) -- I:\ProgramData\odbmqjwmqg.zvv
[2013/12/26 05:35:01 | 000,001,039 | ---- | M] () -- I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk
[2013/12/26 05:34:58 | 000,227,840 | ---- | M] (hxxp://tortoisesvn.net) -- I:\ProgramData\gqmwjqmbdo.jss
[2013/12/24 05:03:06 | 000,278,621 | ---- | M] () -- I:\Users\*****\Documents\frohe-weihnachten.jpg
[2013/12/23 12:41:14 | 000,000,534 | ---- | M] () -- I:\Users\*****\AppData\Roaming\burnaware.ini
[2013/12/17 09:09:20 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- I:\Windows\System32\drivers\avgntflt.sys
[2013/12/17 09:09:20 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- I:\Windows\System32\drivers\avnetflt.sys
[2013/12/16 10:39:20 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/15 03:53:06 | 000,000,579 | ---- | M] () -- I:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website
[2013/12/12 12:33:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/12 12:33:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/12 12:29:36 | 000,419,528 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2013/12/10 12:09:22 | 000,000,432 | ---- | M] () -- I:\Windows\BRWMARK.INI
[2013/12/08 03:50:26 | 000,002,441 | ---- | M] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/12/06 14:03:52 | 000,014,305 | ---- | M] () -- I:\Users\*****\Documents\Mitgliederliste.pdf
[2013/12/03 13:36:18 | 001,602,788 | ---- | M] () -- I:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/12/26 05:35:53 | 000,000,297 | ---- | C] () -- I:\ProgramData\odbmqjwmqg.reg
[2013/12/26 05:35:01 | 000,001,039 | ---- | C] () -- I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk
[2013/12/26 05:35:01 | 000,000,000 | ---- | C] () -- I:\ProgramData\odbmqjwmqg.odd
[2013/12/26 05:34:58 | 095,025,368 | ---- | C] () -- I:\ProgramData\odbmqjwmqg.fee
[2013/12/24 05:04:50 | 000,278,621 | ---- | C] () -- I:\Users\*****\Documents\frohe-weihnachten.jpg
[2013/12/22 06:23:06 | 000,120,416 | ---- | C] () -- I:\Users\*****\Documents\eBay Kaufbestätigung.pdf
[2013/12/08 03:50:26 | 000,002,441 | ---- | C] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/12/08 03:29:43 | 000,000,579 | ---- | C] () -- I:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website
[2013/12/06 14:03:51 | 000,014,305 | ---- | C] () -- I:\Users\*****\Documents\Mitgliederliste.pdf
[2013/11/28 11:26:19 | 001,602,788 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/30 06:16:31 | 000,000,534 | ---- | C] () -- I:\Users\*****\AppData\Roaming\burnaware.ini
[2012/12/08 09:29:58 | 000,000,001 | ---- | C] () -- I:\Users\*****\AppData\Local\llftool.4.12.agreement
[2012/05/19 01:26:18 | 000,002,213 | ---- | C] () -- I:\Windows\HCWPNP.INI
[2012/02/29 17:19:30 | 000,000,209 | ---- | C] () -- I:\Windows\ODBCINST.INI
[2012/02/29 17:18:51 | 000,037,639 | ---- | C] () -- I:\Windows\Irremote.ini
[2012/02/29 17:18:28 | 000,142,337 | ---- | C] () -- I:\Windows\SysWow64\Wait.exe
[2011/10/07 08:43:28 | 000,001,475 | ---- | C] () -- I:\Users\*****\AppData\Local\RecConfig.xml
[2011/10/07 08:42:00 | 000,003,584 | ---- | C] () -- I:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/08 10:50:47 | 000,091,923 | ---- | C] () -- I:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/09/08 10:50:47 | 000,076,956 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern2.dat
[2011/09/08 10:50:47 | 000,039,121 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern1.dat
[2011/09/08 10:50:47 | 000,027,965 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_JP.dat
[2011/09/06 14:19:26 | 000,000,507 | ---- | C] () -- I:\Windows\ODBC.INI
[2011/09/06 09:20:52 | 000,000,010 | ---- | C] () -- I:\Windows\GSetup.ini
[2011/09/06 08:16:30 | 000,000,017 | ---- | C] () -- I:\Users\*****\AppData\Local\resmon.resmoncfg
[2011/09/05 17:34:50 | 000,303,104 | ---- | C] () -- I:\Windows\Uninstall_tkexe.exe
[2011/09/05 15:44:16 | 000,000,432 | ---- | C] () -- I:\Windows\BRWMARK.INI
[2011/09/05 15:44:16 | 000,000,034 | ---- | C] () -- I:\Windows\SysWow64\BD7025.DAT
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- I:\Windows\GSetup.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat
[2007/08/13 10:46:00 | 000,155,136 | ---- | C] () -- I:\Users\*****\AppData\Local\lame_enc.dll
[2006/10/25 18:06:48 | 000,064,000 | ---- | C] () -- I:\Users\*****\AppData\Local\vorbisenc.dll
[2006/10/25 18:06:48 | 000,019,456 | ---- | C] () -- I:\Users\*****\AppData\Local\vorbisfile.dll
[2006/10/25 18:06:46 | 000,143,872 | ---- | C] () -- I:\Users\*****\AppData\Local\vorbis.dll
[2006/10/25 18:06:36 | 000,015,872 | ---- | C] () -- I:\Users\*****\AppData\Local\ogg.dll
[2005/08/23 15:34:06 | 000,029,184 | ---- | C] () -- I:\Users\*****\AppData\Local\no23xwrapper.dll
[2002/03/04 03:16:34 | 000,110,592 | R--- | C] () -- I:\Windows\SysWow64\Jpeg32.dll

========== LOP Check ==========

[2013/05/12 05:33:42 | 000,000,000 | ---D | M] -- I:\ProgramData\AAV
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2013/09/26 09:37:38 | 000,000,000 | ---D | M] -- I:\ProgramData\APN
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2013/09/26 09:37:58 | 000,000,000 | ---D | M] -- I:\ProgramData\AskPartnerNetwork
[2012/10/23 17:13:53 | 000,000,000 | -H-D | M] -- I:\ProgramData\Common Files
[2012/12/08 11:04:40 | 000,000,000 | ---D | M] -- I:\ProgramData\copypart
[2012/12/08 11:00:08 | 000,000,000 | ---D | M] -- I:\ProgramData\createpart
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2012/02/19 04:53:45 | 000,000,000 | ---D | M] -- I:\ProgramData\eBay
[2012/12/08 10:48:18 | 000,000,000 | ---D | M] -- I:\ProgramData\explauncher
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2013/12/22 06:23:08 | 000,000,000 | ---D | M] -- I:\ProgramData\FreePDF
[2011/09/05 13:15:16 | 000,000,000 | ---D | M] -- I:\ProgramData\G DATA
[2012/02/29 17:20:07 | 000,000,000 | ---D | M] -- I:\ProgramData\Hauppauge
[2011/09/05 16:34:03 | 000,000,000 | ---D | M] -- I:\ProgramData\ISDNWatch
[2012/12/08 10:59:29 | 000,000,000 | ---D | M] -- I:\ProgramData\launcher
[2012/01/28 13:04:45 | 000,000,000 | ---D | M] -- I:\ProgramData\NCH Swift Sound
[2012/03/22 10:08:10 | 000,000,000 | ---D | M] -- I:\ProgramData\Nitro PDF
[2013/01/15 10:27:02 | 000,000,000 | ---D | M] -- I:\ProgramData\Spamihilator
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2011/09/11 09:27:00 | 000,000,000 | ---D | M] -- I:\ProgramData\T-Online
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2013/09/29 11:37:31 | 000,000,000 | ---D | M] -- I:\ProgramData\TuneUp Software
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2013/09/29 11:55:54 | 000,000,000 | -HSD | M] -- I:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/09/29 11:55:54 | 000,000,000 | -HSD | M] -- I:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/12/29 02:33:25 | 000,032,632 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2013/11/11 12:55:45 | 103,792,856 | ---- | M] ()(I:\Windows\SysWow64\h??) -- I:\Windows\SysWow64\ℎά
[2013/11/11 12:55:45 | 103,792,856 | ---- | C] ()(I:\Windows\SysWow64\h??) -- I:\Windows\SysWow64\ℎά
< End of report >

Gruß
FUXS

schrauber · 29.12.2013, 18:14

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

FUXS · 29.12.2013, 19:48

Hallo Schrauber,

Sorry, dass mit den CODE-Tags hab ich übersehen, war keine Absicht.

Booten über F8 geht bei mir nicht - kommt immer ne Meldung: System kann nicht gestartet werden, vermutlich wurde Hardwaretausch vorgenommen ....... legen sie die windows CD ein....

Mit CD hats funktioniert:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013
Ran by SYSTEM on MININT-43AV1FS on 29-12-2013 19:36:59
Running from M:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - C:\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [MBBalloon] - C:\Program Files (x86)\HOTALBUMMyBOX\MBBalloon.exe [794464 2008-07-15] (PLANNING Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKU\*****\...\Run: [NetworkIndicator] - C:\Program Files (x86)\network-activity-indicator1.5\NetworkIndicator.exe [192512 2010-06-30] (ITSamples.com)
HKU\*****\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk
ShortcutTarget: odbmqjwmqg.lnk -> C:\ProgramData\gqmwjqmbdo.jss (hxxp://tortoisesvn.net)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)

==================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-29] (Conexant Systems, Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
S2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2012-05-21] (Hauppauge Computer Works)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Microsoft Office\Office14\GROOVE.EXE [50921648 2013-03-08] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\odbmqjwmqg.zvv [61024 2013-12-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-02] (Conexant Systems Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [81920 2007-05-07] (AVM GmbH)
S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-29] (Conexant Systems, Inc.)
S3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)
S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
S0 PzWDM; C:\Windows\SysWow64\Drivers\PzWDM.sys [15172 2011-09-08] (Prassi Technology)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-06-09] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-09] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-09] (Paragon)
S2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-29] (Conexant Systems, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\00016E2D\tswnt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-26 17:04 - 2013-12-26 17:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-26 17:04 - 2013-12-26 17:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 17:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-12-26 16:59 - 2013-12-26 16:54 - 01928716 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-12-26 11:35 - 2013-12-29 17:51 - 00000000 _____ C:\ProgramData\odbmqjwmqg.odd
2013-12-26 11:35 - 2013-12-26 18:39 - 00000297 _____ C:\ProgramData\odbmqjwmqg.reg
2013-12-26 11:35 - 2013-12-26 11:35 - 00061024 ____T (Microsoft Corporation) C:\ProgramData\odbmqjwmqg.zvv
2013-12-26 11:34 - 2013-12-29 17:51 - 95025368 ____T C:\ProgramData\odbmqjwmqg.fee
2013-12-26 11:34 - 2013-12-26 11:34 - 00227840 _____ (hxxp://tortoisesvn.net) C:\ProgramData\gqmwjqmbdo.jss
2013-12-13 13:51 - 2013-12-22 19:08 - 00129536 _____ C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung.xls
2013-12-12 18:02 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-12 18:02 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-12 18:02 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 18:02 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 18:01 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-12 18:01 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-12 18:01 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-12 18:01 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-12 18:01 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-12 18:01 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-12 18:01 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-12 18:01 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-12 18:01 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 18:01 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-12 18:01 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-12 18:01 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-12 18:01 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-12 18:01 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-12 18:01 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 18:01 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 18:01 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 18:01 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 18:01 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-12 18:01 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-12 18:01 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 18:01 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-12 18:01 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-12 18:01 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-12 18:01 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 18:01 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 18:01 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 18:00 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 18:00 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-12 18:00 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 18:00 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 17:51 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 17:51 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-12 17:51 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-12 17:51 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 17:51 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-12 17:51 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 17:51 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-12 17:51 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-12 17:51 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 17:51 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-12 17:51 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-12 17:51 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 17:51 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 17:51 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-12 17:51 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-12 17:51 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 17:51 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 17:51 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-12 17:51 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 ____D C:\Users\*****\Downloads\Anlagen
2013-12-08 09:50 - 2013-12-08 09:50 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-08 09:29 - 2013-12-15 09:53 - 00000579 _____ C:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website

==================== One Month Modified Files and Folders =======

2013-12-29 20:19 - 2013-11-16 20:58 - 00086326 _____ C:\OTL.Txt
2013-12-29 17:54 - 2011-09-02 14:04 - 02007037 _____ C:\Windows\WindowsUpdate.log
2013-12-29 17:54 - 2009-07-14 05:45 - 00021184 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-29 17:54 - 2009-07-14 05:45 - 00021184 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-29 17:52 - 2012-04-15 12:44 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-29 17:52 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-29 17:52 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-29 17:51 - 2013-12-26 11:35 - 00000000 _____ C:\ProgramData\odbmqjwmqg.odd
2013-12-29 17:51 - 2013-12-26 11:34 - 95025368 ____T C:\ProgramData\odbmqjwmqg.fee
2013-12-29 17:51 - 2011-09-06 23:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\Spamihilator
2013-12-29 17:51 - 2011-09-06 20:49 - 00000000 ____D C:\Users\*****\Documents\Scanner
2013-12-29 17:50 - 2013-09-30 16:10 - 00005488 _____ C:\Windows\setupact.log
2013-12-29 17:50 - 2012-10-30 22:58 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-27 13:36 - 2012-04-15 12:44 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 13:35 - 2012-08-28 22:50 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4286CDE0-0D99-4CC4-99D3-D10049ECD048}
2013-12-26 18:39 - 2013-12-26 11:35 - 00000297 _____ C:\ProgramData\odbmqjwmqg.reg
2013-12-26 18:32 - 2010-11-21 07:50 - 00702980 _____ C:\Windows\System32\perfh007.dat
2013-12-26 18:32 - 2010-11-21 07:50 - 00150620 _____ C:\Windows\System32\perfc007.dat
2013-12-26 18:32 - 2009-07-14 06:13 - 01629444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-26 17:04 - 2013-12-26 17:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-26 17:04 - 2013-12-26 17:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 16:54 - 2013-12-26 16:59 - 01928716 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-12-26 11:35 - 2013-12-26 11:35 - 00061024 ____T (Microsoft Corporation) C:\ProgramData\odbmqjwmqg.zvv
2013-12-26 11:34 - 2013-12-26 11:34 - 00227840 _____ (hxxp://tortoisesvn.net) C:\ProgramData\gqmwjqmbdo.jss
2013-12-26 10:08 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-24 11:06 - 2011-09-08 16:49 - 00000000 ____D C:\Program Files (x86)\HOTALBUMMyBOX
2013-12-23 18:41 - 2013-10-30 12:16 - 00000534 _____ C:\Users\*****\AppData\Roaming\burnaware.ini
2013-12-22 19:08 - 2013-12-13 13:51 - 00129536 _____ C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung.xls
2013-12-22 12:23 - 2011-09-05 23:29 - 00000000 ____D C:\ProgramData\FreePDF
2013-12-22 12:22 - 2011-09-05 23:32 - 00019740 _____ C:\fpRedmon.log
2013-12-17 15:15 - 2011-09-06 20:37 - 00000474 _____ C:\Users\*****\Desktop\Frankenpost  ePaper.website
2013-12-17 15:09 - 2013-09-26 15:36 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-12-17 15:09 - 2013-09-26 15:36 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-12-17 15:09 - 2013-05-07 17:58 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-12-16 16:39 - 2012-04-21 16:51 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 16:39 - 2012-04-15 12:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-16 15:57 - 2011-09-05 23:32 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2013-12-16 07:12 - 2013-06-28 20:44 - 00000000 ____D C:\Users\*****\mobileX
2013-12-15 09:53 - 2013-12-08 09:29 - 00000579 _____ C:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website
2013-12-14 17:37 - 2011-09-06 20:49 - 00000000 ____D C:\Users\*****\Documents\Kalender
2013-12-13 15:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 18:33 - 2013-09-07 13:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 18:33 - 2013-09-07 13:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-12 18:29 - 2009-07-14 05:45 - 00419528 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-12 18:01 - 2011-09-05 20:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 17:59 - 2013-08-24 22:16 - 00000000 ____D C:\Windows\System32\MRT
2013-12-12 17:57 - 2011-09-05 19:39 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 ____D C:\Users\*****\Downloads\Anlagen
2013-12-10 18:09 - 2011-09-05 21:44 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-12-08 19:10 - 2013-09-30 16:09 - 00134890 _____ C:\Windows\PFRO.log
2013-12-08 09:50 - 2013-12-08 09:50 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-08 09:50 - 2011-09-05 21:19 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-08 09:50 - 2011-09-05 21:18 - 00000000 ____D C:\ProgramData\Adobe
2013-12-07 14:31 - 2012-04-15 12:44 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 14:31 - 2012-04-15 12:44 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-03 19:36 - 2013-11-28 17:26 - 01602788 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-01 11:06 - 2011-10-03 18:23 - 00000000 ____D C:\Users\*****\AppData\Local\FreePDF_XP

Files to move or delete:
====================
C:\ProgramData\odbmqjwmqg.reg


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\switchsetup.exe
C:\Users\*****\AppData\Local\Temp\uninst.exe
C:\Users\*****\AppData\Local\Temp\~tmf8994311020420476142.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-12-12 17:55:51
Restore point made on: 2013-12-14 16:19:39
Restore point made on: 2013-12-14 16:51:01
Restore point made on: 2013-12-20 00:10:48
Restore point made on: 2013-12-23 08:14:26
Restore point made on: 2013-12-26 11:43:28
Restore point made on: 2013-12-26 12:52:44

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 4086.14 MB
Available physical RAM: 3422.26 MB
Total Pagefile: 4084.29 MB
Available Pagefile: 3421.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:148.95 GB) (Free:85.05 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Brenner) (Fixed) (Total:60.38 GB) (Free:21.05 GB) NTFS
Drive g: (GRMCHPXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
Drive m: (VOYAGER) (Removable) (Total:3.72 GB) (Free:2.8 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Daten) (Fixed) (Total:405.27 GB) (Free:282.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FAB8CDC7)
Partition 1: (Not Active) - (Size=405 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 930D6F7E)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 4 GB) (Disk ID: FFC55C50)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-12-20 16:06

==================== End Of Log ============================

--- --- ---

Gruß
FUXS

schrauber · 30.12.2013, 11:21

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk
ShortcutTarget: odbmqjwmqg.lnk -> C:\ProgramData\gqmwjqmbdo.jss (hxxp://tortoisesvn.net)
S2 Winmgmt; C:\ProgramData\odbmqjwmqg.zvv [61024 2013-12-26] (Microsoft Corporation)
2013-12-26 11:35 - 2013-12-29 17:51 - 00000000 _____ C:\ProgramData\odbmqjwmqg.odd
2013-12-26 11:35 - 2013-12-26 18:39 - 00000297 _____ C:\ProgramData\odbmqjwmqg.reg
2013-12-26 11:35 - 2013-12-26 11:35 - 00061024 ____T (Microsoft Corporation) C:\ProgramData\odbmqjwmqg.zvv
2013-12-26 11:34 - 2013-12-29 17:51 - 95025368 ____T C:\ProgramData\odbmqjwmqg.fee
2013-12-26 11:34 - 2013-12-26 11:34 - 00227840 _____ (hxxp://tortoisesvn.net) C:\ProgramData\gqmwjqmbdo.jss

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten, freuen

FUXS · 30.12.2013, 13:01

Hallo Schrauber,

ich glaub ich hab was falsch gemacht :-(
Habe in deiner Textdatei die ***** nicht mit dem eigentlichen Namen ersetzt!
Ist das schlimm? Muß ich die frst64.exe im Reparaturmodus noch mal starten?

PC ist gestartet und bringt folgende Fehlermeldung:
Problem beim Starten von C:\Progra~3\gqmwjqmbdo.jss - Das angegebene Modul kann nicht gefunden werden

Hier die Logdatei:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013
Ran by SYSTEM at 2013-12-30 12:23:51 Run:1
Running from M:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk
ShortcutTarget: odbmqjwmqg.lnk -> C:\ProgramData\gqmwjqmbdo.jss (hxxp://tortoisesvn.net)
S2 Winmgmt; C:\ProgramData\odbmqjwmqg.zvv [61024 2013-12-26] (Microsoft Corporation)
2013-12-26 11:35 - 2013-12-29 17:51 - 00000000 _____ C:\ProgramData\odbmqjwmqg.odd
2013-12-26 11:35 - 2013-12-26 18:39 - 00000297 _____ C:\ProgramData\odbmqjwmqg.reg
2013-12-26 11:35 - 2013-12-26 11:35 - 00061024 ____T (Microsoft Corporation) C:\ProgramData\odbmqjwmqg.zvv
2013-12-26 11:34 - 2013-12-29 17:51 - 95025368 ____T C:\ProgramData\odbmqjwmqg.fee
2013-12-26 11:34 - 2013-12-26 11:34 - 00227840 _____ (hxxp://tortoisesvn.net) C:\ProgramData\gqmwjqmbdo.jss

*****************

C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk not found.
C:\ProgramData\gqmwjqmbdo.jss => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\odbmqjwmqg.odd => Moved successfully.
C:\ProgramData\odbmqjwmqg.reg => Moved successfully.
C:\ProgramData\odbmqjwmqg.zvv => Moved successfully.
C:\ProgramData\odbmqjwmqg.fee => Moved successfully.
"C:\ProgramData\gqmwjqmbdo.jss" => File/Directory not found.

==== End of Fixlog ====

Gruß
Fux

schrauber · 31.12.2013, 08:12

Hast Du den Fix nochmal gemacht nach Ersetzen deines Names? Also jetzt startet der PC?

Dann ab jetzt alles im normalen MOdus:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FUXS · 31.12.2013, 10:51

Hallo Schrauber,

habe den Fix nochmal gestartet.
PC startet normal.

Nach Frst64 habe ich aber keine Addition.txt - Datei erhalten/gefunden.

Hier die FRST.txt

Gruß
FUX

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by ***** (administrator) on FUX on 31-12-2013 10:42:29
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\MDM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ITSamples.com) C:\Program Files (x86)\network-activity-indicator1.5\NetworkIndicator.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!\IWatch.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - C:\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [MBBalloon] - C:\Program Files (x86)\HOTALBUMMyBOX\MBBalloon.exe [794464 2008-07-15] (PLANNING Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKCU\...\Run: [NetworkIndicator] - C:\Program Files (x86)\network-activity-indicator1.5\NetworkIndicator.exe [192512 2010-06-30] (ITSamples.com)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
MountPoints2: {011a46d3-d7d5-11e0-8fa1-806e6f6e6963} - F:\reatogoMenu.exe
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com
hxxp://www.tecstore.net
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC20BB6DBF76BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {00ABEE1F-72B2-4CC2-9B1D-334CCF0AC432} URL = 
SearchScopes: HKCU - {35825C99-56CB-4DBB-8A28-34550A6D3B7F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{C8375703-30A4-47D3-B268-CEB4C754A9FD}: [NameServer]217.237.151.115,217.237.148.102

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-29] (Conexant Systems, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2012-05-21] (Hauppauge Computer Works)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Microsoft Office\Office14\GROOVE.EXE [50921648 2013-03-08] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-02] (Conexant Systems Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [81920 2007-05-07] (AVM GmbH)
S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-29] (Conexant Systems, Inc.)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)
S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
S0 PzWDM; C:\Windows\SysWow64\Drivers\PzWDM.sys [15172 2011-09-08] (Prassi Technology)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-06-09] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-09] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-09] (Paragon)
R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-29] (Conexant Systems, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\00016E2D\tswnt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-31 10:42 - 2013-12-31 10:42 - 00012309 _____ C:\Users\*****\Desktop\FRST.txt
2013-12-26 17:04 - 2013-12-26 17:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-26 17:04 - 2013-12-26 17:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 17:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-26 16:59 - 2013-12-31 10:41 - 01931302 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-12-13 13:51 - 2013-12-22 19:08 - 00129536 _____ C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung.xls
2013-12-12 18:02 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 18:02 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 18:02 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 18:02 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 18:01 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 18:01 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 18:01 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 18:01 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 18:01 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 18:01 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 18:01 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 18:01 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 18:01 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 18:01 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 18:01 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 18:01 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 18:01 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 18:01 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 18:01 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 18:01 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 18:01 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 18:01 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 18:01 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 18:01 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 18:01 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 18:01 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 18:01 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 18:01 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 18:01 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 18:01 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 18:01 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 18:00 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 18:00 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 18:00 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 18:00 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 17:51 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 17:51 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 17:51 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 17:51 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 17:51 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 17:51 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 17:51 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 17:51 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 17:51 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 17:51 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 17:51 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 17:51 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 17:51 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 17:51 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 17:51 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 17:51 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 17:51 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 17:51 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 17:51 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 ____D C:\Users\*****\Downloads\Anlagen
2013-12-08 09:50 - 2013-12-08 09:50 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-08 09:29 - 2013-12-15 09:53 - 00000579 _____ C:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website

==================== One Month Modified Files and Folders =======

2013-12-31 10:43 - 2013-12-31 10:42 - 00012309 _____ C:\Users\*****\Desktop\FRST.txt
2013-12-31 10:41 - 2013-12-26 16:59 - 01931302 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-12-31 10:40 - 2011-09-06 23:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\Spamihilator
2013-12-31 10:39 - 2013-09-30 16:10 - 00005656 _____ C:\Windows\setupact.log
2013-12-31 10:39 - 2012-10-30 22:58 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-31 10:39 - 2012-04-15 12:44 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-31 10:39 - 2011-09-06 20:49 - 00000000 ____D C:\Users\*****\Documents\Scanner
2013-12-31 10:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-31 10:37 - 2011-09-05 14:50 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-31 10:08 - 2011-09-02 14:04 - 02020411 _____ C:\Windows\WindowsUpdate.log
2013-12-31 10:05 - 2010-11-21 07:50 - 00702980 _____ C:\Windows\system32\perfh007.dat
2013-12-31 10:05 - 2010-11-21 07:50 - 00150620 _____ C:\Windows\system32\perfc007.dat
2013-12-31 10:05 - 2009-07-14 06:13 - 01629444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-31 09:36 - 2012-04-15 12:44 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-30 13:08 - 2009-07-14 05:45 - 00021184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-30 13:08 - 2009-07-14 05:45 - 00021184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-29 20:19 - 2013-11-16 20:58 - 00086326 _____ C:\OTL.Txt
2013-12-29 17:52 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-27 13:35 - 2012-08-28 22:50 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4286CDE0-0D99-4CC4-99D3-D10049ECD048}
2013-12-26 17:04 - 2013-12-26 17:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-26 17:04 - 2013-12-26 17:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 10:08 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-24 11:06 - 2011-09-08 16:49 - 00000000 ____D C:\Program Files (x86)\HOTALBUMMyBOX
2013-12-23 18:41 - 2013-10-30 12:16 - 00000534 _____ C:\Users\*****\AppData\Roaming\burnaware.ini
2013-12-22 19:08 - 2013-12-13 13:51 - 00129536 _____ C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung.xls
2013-12-22 12:23 - 2011-09-05 23:29 - 00000000 ____D C:\ProgramData\FreePDF
2013-12-22 12:22 - 2011-09-05 23:32 - 00019740 _____ C:\fpRedmon.log
2013-12-17 15:15 - 2011-09-06 20:37 - 00000474 _____ C:\Users\*****\Desktop\Frankenpost  ePaper.website
2013-12-17 15:09 - 2013-09-26 15:36 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 15:09 - 2013-09-26 15:36 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-17 15:09 - 2013-05-07 17:58 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-16 16:39 - 2012-04-21 16:51 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 16:39 - 2012-04-15 12:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-16 15:57 - 2011-09-05 23:32 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2013-12-16 07:12 - 2013-06-28 20:44 - 00000000 ____D C:\Users\*****\mobileX
2013-12-15 09:53 - 2013-12-08 09:29 - 00000579 _____ C:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website
2013-12-14 17:37 - 2011-09-06 20:49 - 00000000 ____D C:\Users\*****\Documents\Kalender
2013-12-13 15:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 18:33 - 2013-09-07 13:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 18:33 - 2013-09-07 13:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-12 18:29 - 2009-07-14 05:45 - 00419528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 18:01 - 2011-09-05 20:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 17:59 - 2013-08-24 22:16 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 17:57 - 2011-09-05 19:39 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 ____D C:\Users\*****\Downloads\Anlagen
2013-12-10 18:09 - 2011-09-05 21:44 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-12-08 19:10 - 2013-09-30 16:09 - 00134890 _____ C:\Windows\PFRO.log
2013-12-08 09:50 - 2013-12-08 09:50 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-08 09:50 - 2011-09-05 21:19 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-08 09:50 - 2011-09-05 21:18 - 00000000 ____D C:\ProgramData\Adobe
2013-12-07 14:31 - 2012-04-15 12:44 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 14:31 - 2012-04-15 12:44 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-03 19:36 - 2013-11-28 17:26 - 01602788 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-01 11:06 - 2011-10-03 18:23 - 00000000 ____D C:\Users\*****\AppData\Local\FreePDF_XP

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\switchsetup.exe
C:\Users\*****\AppData\Local\Temp\uninst.exe
C:\Users\*****\AppData\Local\Temp\~tmf8994311020420476142.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 13:20

==================== End Of Log ============================

--- --- ---

schrauber · 01.01.2014, 12:45

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

FUXS · 02.01.2014, 17:58

Hallo Schrauber,

wünsche Dir ein fohes neues Jahr!

der PC ist ohne Fehlermeldung gestartet.

Gruß
FUXS

Code:

ATTFilter

ComboFix 14-01-01.01 - ***** 02.01.2014  17:02:05.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4086.2491 [GMT 1:00]
ausgeführt von:: c:\users\Hans-J³rgen\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-12-02 bis 2014-01-02  ))))))))))))))))))))))))))))))
.
.
2014-01-02 16:11 . 2014-01-02 16:11	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-01-02 16:11 . 2014-01-02 16:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-02 02:20 . 2014-01-02 02:20	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CC274D2-3AB5-4685-BF2D-E14C24AA90A2}\offreg.dll
2013-12-31 09:58 . 2013-12-04 03:28	10315576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CC274D2-3AB5-4685-BF2D-E14C24AA90A2}\mpengine.dll
2013-12-26 16:04 . 2013-12-26 16:04	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-26 16:04 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-12-12 17:02 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 17:02 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 17:02 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-12 17:02 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-12-12 17:02 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-12 17:00 . 2013-11-26 08:35	5769216	----a-w-	c:\windows\system32\jscript9.dll
2013-12-12 17:00 . 2013-11-26 08:16	4243968	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-12-08 08:50 . 2013-12-08 08:50	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 14:09 . 2013-09-26 14:36	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-12-17 14:09 . 2013-09-26 14:36	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-12-17 14:09 . 2013-05-07 16:58	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-12-12 17:33 . 2013-09-07 12:05	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 17:33 . 2013-09-07 12:05	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-12 16:57 . 2011-09-05 18:39	90708896	----a-w-	c:\windows\system32\MRT.exe
2013-11-25 18:00 . 2013-09-26 14:36	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-11-22 21:44 . 2013-11-22 21:44	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-22 21:44 . 2013-11-22 21:44	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-11-22 21:44 . 2013-11-22 21:44	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-22 21:44 . 2013-11-22 21:44	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2013-11-22 21:44 . 2013-11-22 21:44	235008	----a-w-	c:\windows\system32\elshyph.dll
2013-11-22 21:44 . 2013-11-22 21:44	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2013-11-22 21:44 . 2013-11-22 21:44	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-11-22 21:44 . 2013-11-22 21:44	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-22 21:44 . 2013-11-22 21:44	337408	----a-w-	c:\windows\SysWow64\html.iec
2013-11-22 21:44 . 2013-11-22 21:44	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-11-22 21:44 . 2013-11-22 21:44	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-11-22 21:44 . 2013-11-22 21:44	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-11-22 21:44 . 2013-11-22 21:44	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-11-22 21:44 . 2013-11-22 21:44	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-11-22 21:44 . 2013-11-22 21:44	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2013-11-22 21:44 . 2013-11-22 21:44	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-11-22 21:44 . 2013-11-22 21:44	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-22 21:44 . 2013-11-22 21:44	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2013-11-22 21:44 . 2013-11-22 21:44	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2013-11-22 21:44 . 2013-11-22 21:44	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-11-22 21:44 . 2013-11-22 21:44	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-11-22 21:44 . 2013-11-22 21:44	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2013-11-22 21:44 . 2013-11-22 21:44	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-11-22 21:44 . 2013-11-22 21:44	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-11-22 21:44 . 2013-11-22 21:44	942592	----a-w-	c:\windows\system32\jsIntl.dll
2013-11-22 21:44 . 2013-11-22 21:44	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-11-22 21:44 . 2013-11-22 21:44	247808	----a-w-	c:\windows\system32\msls31.dll
2013-11-22 21:44 . 2013-11-22 21:44	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-11-22 21:44 . 2013-11-22 21:44	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-11-22 21:44 . 2013-11-22 21:44	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-11-22 21:44 . 2013-11-22 21:44	195584	----a-w-	c:\windows\system32\msrating.dll
2013-11-22 21:44 . 2013-11-22 21:44	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2013-11-22 21:44 . 2013-11-22 21:44	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-11-22 21:44 . 2013-11-22 21:44	105984	----a-w-	c:\windows\system32\iesysprep.dll
2013-11-22 21:44 . 2013-11-22 21:44	81408	----a-w-	c:\windows\system32\icardie.dll
2013-11-22 21:44 . 2013-11-22 21:44	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-11-22 21:44 . 2013-11-22 21:44	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2013-11-22 21:44 . 2013-11-22 21:44	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2013-11-22 21:44 . 2013-11-22 21:44	413696	----a-w-	c:\windows\system32\html.iec
2013-11-22 21:44 . 2013-11-22 21:44	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-22 21:44 . 2013-11-22 21:44	296960	----a-w-	c:\windows\system32\dxtrans.dll
2013-11-22 21:44 . 2013-11-22 21:44	235520	----a-w-	c:\windows\system32\url.dll
2013-11-22 21:44 . 2013-11-22 21:44	84992	----a-w-	c:\windows\system32\mshtmled.dll
2013-11-22 21:44 . 2013-11-22 21:44	626176	----a-w-	c:\windows\system32\msfeeds.dll
2013-11-22 21:44 . 2013-11-22 21:44	62464	----a-w-	c:\windows\system32\pngfilt.dll
2013-11-22 21:44 . 2013-11-22 21:44	548352	----a-w-	c:\windows\system32\vbscript.dll
2013-11-22 21:44 . 2013-11-22 21:44	30208	----a-w-	c:\windows\system32\licmgr10.dll
2013-11-22 21:44 . 2013-11-22 21:44	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2013-11-22 21:44 . 2013-11-22 21:44	243200	----a-w-	c:\windows\system32\webcheck.dll
2013-11-22 21:44 . 2013-11-22 21:44	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-11-22 21:44 . 2013-11-22 21:44	147968	----a-w-	c:\windows\system32\occache.dll
2013-11-22 21:44 . 2013-11-22 21:44	143872	----a-w-	c:\windows\system32\wextract.exe
2013-11-22 21:44 . 2013-11-22 21:44	13824	----a-w-	c:\windows\system32\mshta.exe
2013-11-22 21:44 . 2013-11-22 21:44	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-11-22 21:44 . 2013-11-22 21:44	101376	----a-w-	c:\windows\system32\inseng.dll
2013-11-22 21:44 . 2013-11-22 21:44	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-11-22 21:44 . 2013-11-22 21:44	774144	----a-w-	c:\windows\system32\jscript.dll
2013-11-22 21:44 . 2013-11-22 21:44	48128	----a-w-	c:\windows\system32\imgutil.dll
2013-11-22 21:44 . 2013-11-22 21:44	135680	----a-w-	c:\windows\system32\iepeers.dll
2013-11-19 02:33 . 2010-11-21 03:27	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-10-14 17:00 . 2013-11-22 21:49	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-19 16:50	830464	----a-w-	c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-19 16:50	859648	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-19 16:50	324096	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-19 16:50	656896	----a-w-	c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-19 16:50	216576	----a-w-	c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-19 16:53	1474048	----a-w-	c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-19 16:53	1168384	----a-w-	c:\windows\SysWow64\crypt32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-12-20 19:28	12240	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-12-20 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"NetworkIndicator"="c:\program files (x86)\network-activity-indicator1.5\NetworkIndicator.exe" [2010-06-30 192512]
"AmazonMP3DownloaderHelper"="c:\users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"MBBalloon"="c:\program files (x86)\HOTALBUMMyBOX\MBBalloon.exe" [2008-07-15 794464]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2011-9-6 1725440]
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2013-1-15 2472448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ISDNWatch.lnk - c:\program files (x86)\FRITZ!\IWatch.exe [2011-9-5 341304]
MediaChecker.lnk - c:\program files (x86)\HOTALBUMMyBOX\MediaChecker.exe [2008-6-24 918880]
WinTV Recording Status.lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2012-5-19 146944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys;c:\windows\SYSNATIVE\Drivers\PzWDM.sys [x]
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFVA64.sys [x]
R3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys;c:\windows\SYSNATIVE\DRIVERS\AVMCOWAN.sys [x]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\DRIVERS\ACFDCP64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFDCP64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tswNT;toolstar*testWIN support driver;c:\users\ADMINI~1\AppData\Local\Temp\00016E2D\tswnt.sys;c:\users\ADMINI~1\AppData\Local\Temp\00016E2D\tswnt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AcfXAudioService;AcfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys;c:\windows\SYSNATIVE\DRIVERS\fpcibase.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-15 11:44]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-15 11:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-12-20 19:28	13776	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2013-12-20 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\microsoft office\Office14\BCSSync.exe" [2012-11-05 108144]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"wave2"=AvmSnd.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - c:\micros~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\micros~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: bnhof.de\www
TCP: Interfaces\{C8375703-30A4-47D3-B268-CEB4C754A9FD}: NameServer = 217.237.151.115,217.237.148.102
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-02  17:25:08
ComboFix-quarantined-files.txt  2014-01-02 16:25
.
Vor Suchlauf: 25 Verzeichnis(se), 93.900.718.080 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 93.808.992.256 Bytes frei
.
- - End Of File - - 2FC6EAE018DE54AAFEDA1DA330E2C819
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 03.01.2014, 12:33

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

FUXS · 03.01.2014, 15:44

Hallo Schrauber,

scheint ja ganz schön kompliziert zu sein

Code:

ATTFilter

# AdwCleaner v3.016 - Bericht erstellt am 03/01/2014 um 15:19:12
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ***** - FUX
# Gestartet von : C:\Users\*****\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\NCH Software
Datei Gelöscht : C:\Windows\System32\Tasks\NCH Software

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\SIEN SA
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKCU\Software\NCH Software
Schlüssel Gelöscht : HKLM\Software\NCH Software

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


*************************

AdwCleaner[R0].txt - [18727 octets] - [12/11/2013 06:49:09]
AdwCleaner[R1].txt - [799 octets] - [13/11/2013 07:46:58]
AdwCleaner[R2].txt - [917 octets] - [17/11/2013 22:37:31]
AdwCleaner[R3].txt - [1962 octets] - [03/01/2014 15:15:30]
AdwCleaner[S0].txt - [17410 octets] - [12/11/2013 06:50:25]
AdwCleaner[S1].txt - [859 octets] - [13/11/2013 07:47:30]
AdwCleaner[S2].txt - [1834 octets] - [03/01/2014 15:19:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1894 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by ***** on 03.01.2014 at 15:26:03,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lyricssay-16-bg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lyricssay-16-bg_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsSay-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsSay-16-codedownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\lyricssay-16-bg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\lyricssay-16-bg_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsSay-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsSay-16-codedownloader_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.01.2014 at 15:31:14,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.03.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
***** :: FUX [Administrator]

03.01.2014 15:05:10
mbam-log-2014-01-03 (15-05-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 260851
Laufzeit: 6 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by ***** (administrator) on FUX on 03-01-2014 15:31:52
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\MDM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ITSamples.com) C:\Program Files (x86)\network-activity-indicator1.5\NetworkIndicator.exe
() C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!\IWatch.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - C:\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [MBBalloon] - C:\Program Files (x86)\HOTALBUMMyBOX\MBBalloon.exe [794464 2008-07-15] (PLANNING Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKCU\...\Run: [NetworkIndicator] - C:\Program Files (x86)\network-activity-indicator1.5\NetworkIndicator.exe [192512 2010-06-30] (ITSamples.com)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com
hxxp://www.tecstore.net
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC20BB6DBF76BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {00ABEE1F-72B2-4CC2-9B1D-334CCF0AC432} URL = 
SearchScopes: HKCU - {35825C99-56CB-4DBB-8A28-34550A6D3B7F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{C8375703-30A4-47D3-B268-CEB4C754A9FD}: [NameServer]217.237.151.115,217.237.148.102

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-29] (Conexant Systems, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2012-05-21] (Hauppauge Computer Works)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Microsoft Office\Office14\GROOVE.EXE [50921648 2013-03-08] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-02] (Conexant Systems Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [81920 2007-05-07] (AVM GmbH)
S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-29] (Conexant Systems, Inc.)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)
S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
S0 PzWDM; C:\Windows\SysWow64\Drivers\PzWDM.sys [15172 2011-09-08] (Prassi Technology)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-06-09] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-09] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-09] (Paragon)
R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-29] (Conexant Systems, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\00016E2D\tswnt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-03 15:31 - 2014-01-03 15:31 - 00012174 _____ C:\Users\*****\Desktop\FRST.txt
2014-01-03 15:31 - 2014-01-03 15:31 - 00002004 _____ C:\Users\*****\Desktop\JRT.txt
2014-01-03 15:31 - 2014-01-03 15:31 - 00000000 ____D C:\Users\*****\Desktop\FRST-OlderVersion
2014-01-03 15:25 - 2014-01-03 15:25 - 00000000 ____D C:\Windows\ERUNT
2014-01-03 15:24 - 2014-01-03 15:01 - 01036305 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-01-03 15:14 - 2014-01-03 15:00 - 01233962 _____ C:\Users\*****\Desktop\adwcleaner.exe
2014-01-03 15:02 - 2014-01-03 15:02 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-03 15:02 - 2014-01-03 15:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 15:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-02 17:25 - 2014-01-02 17:25 - 00023380 _____ C:\ComboFix.txt
2014-01-02 17:00 - 2014-01-02 17:25 - 00000000 ____D C:\Qoobox
2014-01-02 17:00 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-02 17:00 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-02 17:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-02 17:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-02 17:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-02 17:00 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-02 17:00 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-02 17:00 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-02 16:59 - 2014-01-02 17:22 - 00000000 ____D C:\Windows\erdnt
2014-01-02 16:58 - 2014-01-02 16:58 - 05160282 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2014-01-02 16:41 - 2014-01-02 16:41 - 00001094 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2013-12-31 11:15 - 2013-12-31 11:15 - 00159232 ____N C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung_2.xls
2013-12-26 16:59 - 2014-01-03 15:31 - 01931750 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-12-13 13:51 - 2013-12-22 19:08 - 00129536 _____ C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung.xls
2013-12-12 18:02 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 18:02 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 18:02 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 18:02 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 18:01 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 18:01 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 18:01 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 18:01 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 18:01 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 18:01 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 18:01 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 18:01 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 18:01 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 18:01 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 18:01 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 18:01 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 18:01 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 18:01 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 18:01 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 18:01 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 18:01 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 18:01 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 18:01 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 18:01 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 18:01 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 18:01 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 18:01 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 18:01 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 18:01 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 18:01 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 18:01 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 18:00 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 18:00 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 18:00 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 18:00 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 17:51 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 17:51 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 17:51 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 17:51 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 17:51 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 17:51 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 17:51 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 17:51 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 17:51 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 17:51 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 17:51 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 17:51 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 17:51 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 17:51 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 17:51 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 17:51 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 17:51 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 17:51 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 17:51 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 ____D C:\Users\*****\Downloads\Anlagen
2013-12-08 09:50 - 2013-12-08 09:50 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-08 09:29 - 2013-12-15 09:53 - 00000579 _____ C:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website

==================== One Month Modified Files and Folders =======

2014-01-03 15:32 - 2014-01-03 15:31 - 00012174 _____ C:\Users\*****\Desktop\FRST.txt
2014-01-03 15:31 - 2014-01-03 15:31 - 00002004 _____ C:\Users\*****\Desktop\JRT.txt
2014-01-03 15:31 - 2014-01-03 15:31 - 00000000 ____D C:\Users\*****\Desktop\FRST-OlderVersion
2014-01-03 15:31 - 2013-12-26 16:59 - 01931750 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-01-03 15:31 - 2013-11-17 11:53 - 00000000 ____D C:\FRST
2014-01-03 15:29 - 2009-07-14 05:45 - 00021184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 15:29 - 2009-07-14 05:45 - 00021184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 15:28 - 2010-11-21 07:50 - 00702980 _____ C:\Windows\system32\perfh007.dat
2014-01-03 15:28 - 2010-11-21 07:50 - 00150620 _____ C:\Windows\system32\perfc007.dat
2014-01-03 15:28 - 2009-07-14 06:13 - 01629444 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 15:25 - 2014-01-03 15:25 - 00000000 ____D C:\Windows\ERUNT
2014-01-03 15:23 - 2011-09-06 20:49 - 00000000 ____D C:\Users\*****\Documents\Scanner
2014-01-03 15:22 - 2011-09-06 23:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\Spamihilator
2014-01-03 15:21 - 2013-09-30 16:10 - 00005880 _____ C:\Windows\setupact.log
2014-01-03 15:21 - 2012-10-30 22:58 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-03 15:21 - 2012-04-15 12:44 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 15:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 15:20 - 2011-09-02 14:04 - 02091965 _____ C:\Windows\WindowsUpdate.log
2014-01-03 15:19 - 2013-11-12 06:48 - 00000000 ____D C:\AdwCleaner
2014-01-03 15:02 - 2014-01-03 15:02 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-03 15:02 - 2014-01-03 15:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 15:01 - 2014-01-03 15:24 - 01036305 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-01-03 15:00 - 2014-01-03 15:14 - 01233962 _____ C:\Users\*****\Desktop\adwcleaner.exe
2014-01-03 14:57 - 2012-08-28 22:50 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4286CDE0-0D99-4CC4-99D3-D10049ECD048}
2014-01-02 18:36 - 2012-04-15 12:44 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 17:55 - 2011-09-05 15:07 - 00109672 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-02 17:54 - 2009-07-14 05:45 - 00419528 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-02 17:53 - 2013-09-30 16:09 - 00136036 _____ C:\Windows\PFRO.log
2014-01-02 17:25 - 2014-01-02 17:25 - 00023380 _____ C:\ComboFix.txt
2014-01-02 17:25 - 2014-01-02 17:00 - 00000000 ____D C:\Qoobox
2014-01-02 17:25 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-02 17:22 - 2014-01-02 16:59 - 00000000 ____D C:\Windows\erdnt
2014-01-02 17:12 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-02 16:58 - 2014-01-02 16:58 - 05160282 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2014-01-02 16:41 - 2014-01-02 16:41 - 00001094 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-02 16:41 - 2011-09-02 14:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-31 17:12 - 2011-10-07 14:43 - 00001475 _____ C:\Users\*****\AppData\Local\RecConfig.xml
2013-12-31 11:15 - 2013-12-31 11:15 - 00159232 ____N C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung_2.xls
2013-12-31 10:37 - 2011-09-05 14:50 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-29 20:19 - 2013-11-16 20:58 - 00086326 _____ C:\OTL.Txt
2013-12-29 17:52 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-26 10:08 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-24 11:06 - 2011-09-08 16:49 - 00000000 ____D C:\Program Files (x86)\HOTALBUMMyBOX
2013-12-23 18:41 - 2013-10-30 12:16 - 00000534 _____ C:\Users\*****\AppData\Roaming\burnaware.ini
2013-12-22 19:08 - 2013-12-13 13:51 - 00129536 _____ C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung.xls
2013-12-22 12:23 - 2011-09-05 23:29 - 00000000 ____D C:\ProgramData\FreePDF
2013-12-22 12:22 - 2011-09-05 23:32 - 00019740 _____ C:\fpRedmon.log
2013-12-17 15:15 - 2011-09-06 20:37 - 00000474 _____ C:\Users\*****\Desktop\Frankenpost  ePaper.website
2013-12-17 15:09 - 2013-09-26 15:36 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 15:09 - 2013-09-26 15:36 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-17 15:09 - 2013-05-07 17:58 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-16 16:39 - 2012-04-21 16:51 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 16:39 - 2012-04-15 12:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-16 15:57 - 2011-09-05 23:32 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2013-12-16 07:12 - 2013-06-28 20:44 - 00000000 ____D C:\Users\*****\mobileX
2013-12-15 09:53 - 2013-12-08 09:29 - 00000579 _____ C:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website
2013-12-14 17:37 - 2011-09-06 20:49 - 00000000 ____D C:\Users\*****\Documents\Kalender
2013-12-13 15:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 18:33 - 2013-09-07 13:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 18:33 - 2013-09-07 13:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-12 18:01 - 2011-09-05 20:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 17:59 - 2013-08-24 22:16 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 17:57 - 2011-09-05 19:39 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 ____D C:\Users\*****\Downloads\Anlagen
2013-12-10 18:09 - 2011-09-05 21:44 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-12-08 09:50 - 2013-12-08 09:50 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-08 09:50 - 2011-09-05 21:19 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-08 09:50 - 2011-09-05 21:18 - 00000000 ____D C:\ProgramData\Adobe
2013-12-07 14:31 - 2012-04-15 12:44 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 14:31 - 2012-04-15 12:44 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 13:20

==================== End Of Log ============================

--- --- ---

schrauber · 04.01.2014, 15:32

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

FUXS · 05.01.2014, 17:48

Hallo Schrauber,

hier die Dateien:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f53a0e0def07254fb83f2a3b8f33af7d
# engine=16517
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-04 04:33:50
# local_time=2014-01-04 05:33:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 19897 8647514 12665 0
# compatibility_mode=5893 16776573 100 94 90553 140483080 0 0
# scanned=297855
# found=2
# cleaned=0
# scan_time=5670
sh=8AE317B9AFB331692FFA11F325275EB7064D96BC ft=1 fh=4ae878adc56cb125 vn="a variant of Win32/Kryptik.BRWL trojan" ac=I fn="C:\FRST\Quarantine\gqmwjqmbdo.jss"
sh=6C1D585D46D4A002F66BE6BD800826E6B56EBD26 ft=1 fh=82a2377184606574 vn="a variant of Win64/Kryptik.FJ trojan" ac=I fn="C:\FRST\Quarantine\odbmqjwmqg.zvv"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 35  
 Java version out of Date! 
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by ***** (administrator) on FUX on 05-01-2014 17:41:13
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\MDM.EXE
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ITSamples.com) C:\Program Files (x86)\network-activity-indicator1.5\NetworkIndicator.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!\IWatch.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - C:\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [MBBalloon] - C:\Program Files (x86)\HOTALBUMMyBOX\MBBalloon.exe [794464 2008-07-15] (PLANNING Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKCU\...\Run: [NetworkIndicator] - C:\Program Files (x86)\network-activity-indicator1.5\NetworkIndicator.exe [192512 2010-06-30] (ITSamples.com)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?cc=de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com
hxxp://www.tecstore.net
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC20BB6DBF76BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {00ABEE1F-72B2-4CC2-9B1D-334CCF0AC432} URL = 
SearchScopes: HKCU - {62459533-CC50-4B3A-AFCB-4FEA967A8476} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
SearchScopes: HKCU - {9EBA9D19-AC2F-4EBE-8090-6AC90B27A7F2} URL = 
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{C8375703-30A4-47D3-B268-CEB4C754A9FD}: [NameServer]217.237.151.115,217.237.148.102

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-29] (Conexant Systems, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2012-05-21] (Hauppauge Computer Works)
S3 Microsoft SharePoint Workspace Audit Service; C:\Microsoft Office\Office14\GROOVE.EXE [50921648 2013-03-08] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-02] (Conexant Systems Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [81920 2007-05-07] (AVM GmbH)
S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-29] (Conexant Systems, Inc.)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)
S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
S0 PzWDM; C:\Windows\SysWow64\Drivers\PzWDM.sys [15172 2011-09-08] (Prassi Technology)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-06-09] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-09] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-09] (Paragon)
R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-29] (Conexant Systems, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\00016E2D\tswnt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 17:41 - 2014-01-05 17:41 - 00011822 _____ C:\Users\*****\Desktop\FRST.txt
2014-01-05 17:41 - 2014-01-05 17:41 - 00000000 ____D C:\Users\*****\Desktop\FRST-OlderVersion
2014-01-05 17:40 - 2014-01-05 17:41 - 01931368 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-01-04 15:42 - 2014-01-04 15:42 - 00987410 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2014-01-04 15:41 - 2014-01-04 15:41 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2014-01-03 18:37 - 2014-01-03 18:37 - 00001421 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-03 17:48 - 2014-01-03 20:42 - 00001044 _____ C:\Users\*****\Desktop\JOBBÖRSE - Stellenangebot.website
2014-01-03 17:33 - 2014-01-03 17:33 - 00000437 _____ C:\Users\*****\Desktop\Stellenangebote - Dussmann Group.website
2014-01-03 17:33 - 2014-01-03 17:33 - 00000000 ____D C:\Users\*****\Desktop\Trojaner
2014-01-03 15:25 - 2014-01-03 15:25 - 00000000 ____D C:\Windows\ERUNT
2014-01-03 15:02 - 2014-01-03 15:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 15:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-02 17:25 - 2014-01-02 17:25 - 00023380 _____ C:\ComboFix.txt
2014-01-02 17:00 - 2014-01-02 17:25 - 00000000 ____D C:\Qoobox
2014-01-02 17:00 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-02 17:00 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-02 17:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-02 17:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-02 17:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-02 17:00 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-02 17:00 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-02 17:00 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-02 16:59 - 2014-01-02 17:22 - 00000000 ____D C:\Windows\erdnt
2014-01-02 16:41 - 2014-01-02 16:41 - 00001094 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2013-12-31 11:15 - 2013-12-31 11:15 - 00159232 ____N C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung_2.xls
2013-12-13 13:51 - 2013-12-22 19:08 - 00129536 _____ C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung.xls
2013-12-12 18:02 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 18:02 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 18:02 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 18:02 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 17:51 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 17:51 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 17:51 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 17:51 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 17:51 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 17:51 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 17:51 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 17:51 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 17:51 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 17:51 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 17:51 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 17:51 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 17:51 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 17:51 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 17:51 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 17:51 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 17:51 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 17:51 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 17:51 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 ____D C:\Users\*****\Downloads\Anlagen
2013-12-08 09:50 - 2013-12-08 09:50 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

==================== One Month Modified Files and Folders =======

2014-01-05 17:41 - 2014-01-05 17:41 - 00011822 _____ C:\Users\*****\Desktop\FRST.txt
2014-01-05 17:41 - 2014-01-05 17:41 - 00000000 ____D C:\Users\*****\Desktop\FRST-OlderVersion
2014-01-05 17:41 - 2014-01-05 17:40 - 01931368 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-01-05 17:41 - 2013-11-17 11:53 - 00000000 ____D C:\FRST
2014-01-05 17:36 - 2012-04-15 12:44 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 16:12 - 2012-08-28 22:50 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4286CDE0-0D99-4CC4-99D3-D10049ECD048}
2014-01-05 14:36 - 2012-04-15 12:44 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-04 15:42 - 2014-01-04 15:42 - 00987410 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2014-01-04 15:41 - 2014-01-04 15:41 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2014-01-04 15:40 - 2011-09-06 23:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\Spamihilator
2014-01-04 11:37 - 2011-09-05 23:32 - 00021420 _____ C:\fpRedmon.log
2014-01-04 11:37 - 2011-09-05 23:29 - 00000000 ____D C:\ProgramData\FreePDF
2014-01-04 11:35 - 2010-11-21 07:50 - 00702980 _____ C:\Windows\system32\perfh007.dat
2014-01-04 11:35 - 2010-11-21 07:50 - 00150620 _____ C:\Windows\system32\perfc007.dat
2014-01-04 11:35 - 2009-07-14 06:13 - 01629444 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 11:32 - 2011-09-08 16:49 - 00000000 ____D C:\Program Files (x86)\HOTALBUMMyBOX
2014-01-04 09:52 - 2011-10-03 18:23 - 00000000 ____D C:\Users\*****\AppData\Local\FreePDF_XP
2014-01-04 07:05 - 2009-07-14 05:45 - 00021184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 07:05 - 2009-07-14 05:45 - 00021184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 06:57 - 2011-09-06 20:49 - 00000000 ____D C:\Users\*****\Documents\Scanner
2014-01-04 06:56 - 2013-09-30 16:10 - 00006160 _____ C:\Windows\setupact.log
2014-01-04 06:56 - 2012-10-30 22:58 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-04 06:56 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 00:09 - 2011-09-02 14:04 - 01100113 _____ C:\Windows\WindowsUpdate.log
2014-01-03 20:42 - 2014-01-03 17:48 - 00001044 _____ C:\Users\*****\Desktop\JOBBÖRSE - Stellenangebot.website
2014-01-03 19:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-03 18:37 - 2014-01-03 18:37 - 00001421 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-03 18:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-03 17:33 - 2014-01-03 17:33 - 00000437 _____ C:\Users\*****\Desktop\Stellenangebote - Dussmann Group.website
2014-01-03 17:33 - 2014-01-03 17:33 - 00000000 ____D C:\Users\*****\Desktop\Trojaner
2014-01-03 16:37 - 2013-05-30 14:38 - 00000539 _____ C:\Users\*****\Desktop\Steinbach - Jetzt auch als Puzzle, Poster oder Leinwand.website
2014-01-03 16:35 - 2013-05-30 16:10 - 00000516 _____ C:\Users\*****\Desktop\bayern.de.website
2014-01-03 16:35 - 2013-05-30 15:51 - 00000446 _____ C:\Users\*****\Desktop\Ortsdatenbank Steinbach für Chronik.website
2014-01-03 16:35 - 2011-09-06 20:37 - 00000474 _____ C:\Users\*****\Desktop\Frankenpost  ePaper.website
2014-01-03 15:25 - 2014-01-03 15:25 - 00000000 ____D C:\Windows\ERUNT
2014-01-03 15:19 - 2013-11-12 06:48 - 00000000 ____D C:\AdwCleaner
2014-01-03 15:02 - 2014-01-03 15:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 17:55 - 2011-09-05 15:07 - 00109672 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-02 17:54 - 2009-07-14 05:45 - 00419528 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-02 17:53 - 2013-09-30 16:09 - 00136036 _____ C:\Windows\PFRO.log
2014-01-02 17:25 - 2014-01-02 17:25 - 00023380 _____ C:\ComboFix.txt
2014-01-02 17:25 - 2014-01-02 17:00 - 00000000 ____D C:\Qoobox
2014-01-02 17:25 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-02 17:22 - 2014-01-02 16:59 - 00000000 ____D C:\Windows\erdnt
2014-01-02 17:12 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-02 16:41 - 2014-01-02 16:41 - 00001094 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-02 16:41 - 2011-09-02 14:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-31 17:12 - 2011-10-07 14:43 - 00001475 _____ C:\Users\*****\AppData\Local\RecConfig.xml
2013-12-31 11:15 - 2013-12-31 11:15 - 00159232 ____N C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung_2.xls
2013-12-31 10:37 - 2011-09-05 14:50 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-29 20:19 - 2013-11-16 20:58 - 00086326 _____ C:\OTL.Txt
2013-12-29 17:52 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-26 10:08 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-23 18:41 - 2013-10-30 12:16 - 00000534 _____ C:\Users\*****\AppData\Roaming\burnaware.ini
2013-12-22 19:08 - 2013-12-13 13:51 - 00129536 _____ C:\Users\*****\Desktop\49 g Derrnwaader Mundart-Sammlung.xls
2013-12-17 15:09 - 2013-09-26 15:36 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 15:09 - 2013-09-26 15:36 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-17 15:09 - 2013-05-07 17:58 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-16 16:39 - 2012-04-21 16:51 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 16:39 - 2012-04-15 12:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-16 15:57 - 2011-09-05 23:32 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2013-12-16 07:12 - 2013-06-28 20:44 - 00000000 ____D C:\Users\*****\mobileX
2013-12-14 17:37 - 2011-09-06 20:49 - 00000000 ____D C:\Users\*****\Documents\Kalender
2013-12-12 18:33 - 2013-09-07 13:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 18:33 - 2013-09-07 13:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-12 18:01 - 2011-09-05 20:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 17:59 - 2013-08-24 22:16 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 17:57 - 2011-09-05 19:39 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 ____D C:\Users\*****\Downloads\Anlagen
2013-12-10 18:09 - 2011-09-05 21:44 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-12-08 09:50 - 2013-12-08 09:50 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-08 09:50 - 2011-09-05 21:19 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-08 09:50 - 2011-09-05 21:18 - 00000000 ____D C:\ProgramData\Adobe
2013-12-07 14:31 - 2012-04-15 12:44 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 14:31 - 2012-04-15 12:44 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 13:20

==================== End Of Log ============================

--- --- ---

Gruß
FUXS

schrauber · 06.01.2014, 16:13

Java updaten.

Fertig

Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.